Privacy Policy

1. An overview of data protection

General information

The following information provides a clear overview of how your personal data is handled when you visit this website. The term “personal data” refers to any information that can be used to personally identify you. For detailed information on data protection, please refer to our Privacy Policy, which is included below.

Data collection on this website

Who is responsible for collecting data on this website (i.e., the “controller”)?

The data on this website is processed by the website operator, whose contact information is provided in the section titled “Information about the data controller” in this Privacy Policy.

How do we collect your data?

We collect your data when you share it with us. This may include, for example, information you enter into our contact form.

Other data is collected by our IT systems automatically or after you consent to its collection during your visit to the website. This data consists primarily of technical information (e.g., web browser, operating system, or the time the site was accessed). This information is collected automatically when you access this website.

What are the purposes for which we use your data?

Some of the information is collected to ensure the website operates without errors. Other data may be used to analyze your usage patterns. If contracts can be concluded or initiated through the website, the data you provide will also be processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your personal information?

You have the right to receive information about the source, recipients, and purposes of your stored personal data at any time without having to pay a fee for such disclosures. You also have the right to request that your data be corrected or deleted. If you have consented to data processing, you may withdraw this consent at any time, which will apply to all future data processing. Additionally, you have the right to request that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority.

Please feel free to contact us at any time if you have questions about this or any other data protection-related issues.

2. Hosting

We host our website's content with the following provider:

Raidboxes

The provider is Raidboxes GmbH, Hafenstr. 32, 48153 Münster, Germany (hereinafter referred to as: Raidboxes). Whenever you visit our website, Raidboxes will record various log files, including your IP addresses.

For more information, please refer to Raidboxes' Privacy Policy: https://raidboxes.io/legal/privacy/.

We use Raidboxes on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website functions as reliably as possible. If you have been asked for your consent, processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, if the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in the TDDDG. Such consent may be revoked at any time.

Data processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection laws that ensures that they process the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Required Information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Therefore, we treat your personal data as confidential information and handle it in accordance with applicable data protection laws and this Privacy Policy.

Whenever you use this website, various types of personal information will be collected. Personal data refers to information that can be used to personally identify you. This Privacy Policy explains what data we collect and the purposes for which we use it. It also explains how and for what purpose the information is collected.

We hereby advise you that the transmission of data via the Internet (i.e., through email communications) may be vulnerable to security breaches. It is not possible to completely protect data from unauthorized access by third parties.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data controller for this website is:

Karina Freifrau von Ende
Say Wow
Irmgardstraße 9
81479 Munich

Phone: +49160 939 960 14
Email: hello@say-wow.de

The controller is the natural person or legal entity that, either alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage duration

Unless a more specific retention period is specified in this privacy policy, we will retain your personal data until the purpose for which it was collected no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for data processing on this website

If you have consented to the processing of your personal data, we process it on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, if special categories of data are processed in accordance with Article 9(1) of the GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), the data processing is additionally based on Section 25(1) of the TDDDG. You may revoke your consent at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, data processing may be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally required to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to the processing of data

A wide range of data processing activities are permitted only with your express consent. You may also withdraw any consent you have already given us at any time. This does not affect the lawfulness of any data collection that took place prior to your withdrawal.

Right to object to the collection of data in specific cases; right to object to direct marketing (Art. 21 GDPR)

IF DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(e) OR (f) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR SPECIFIC SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA IN QUESTION, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PURPOSE OF THE PROCESSING IS THE ASSERTION, EXERCISING, OR DEFENDING LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

The right to file a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, in particular in the member state where they usually reside, work, or where the alleged violation occurred. The right to file a complaint applies regardless of any other administrative or judicial proceedings available as legal remedies.

Right to data portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, either directly or through a third party, in a commonly used, machine-readable format. If you request that the data be transferred directly to another controller, this will be done only if it is technically feasible.

Information regarding, correction, and deletion of data

In accordance with applicable laws, you have the right to request information at any time regarding your stored personal data, its source and recipients, as well as the purpose of processing your data. You may also have the right to have your data corrected or deleted. If you have any questions about this matter or any other questions regarding personal data, please do not hesitate to contact us at any time.

Right to request restrictions on processing

You have the right to request that the processing of your personal data be restricted. To do so, you may contact us at any time. The right to request restriction of processing applies in the following cases:

• If you dispute the accuracy of the data we have stored about you, we will generally need some time to verify your claim. While this investigation is ongoing, you have the right to request that we restrict the processing of your personal data.
• If your personal data has been or is being processed unlawfully, you have the option to request that the processing of your data be restricted instead of requesting that the data be erased.
• If we no longer need your personal data and you need it to exercise, defend, or assert legal rights, you have the right to request that the processing of your personal data be restricted rather than deleted.
• If you have lodged an objection under Article 21(1) of the GDPR, your rights and our rights will have to be weighed against each other. Until it has been determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, such data—with the exception of their archiving—may be processed only with your consent, or to assert, exercise, or defend legal claims, or to protect the rights of other natural persons or legal entities, or for important reasons of public interest identified by the European Union or an EU member state.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential information, such as purchase orders or inquiries you submit to us as the website operator, this website uses either SSL or TLS encryption. You can tell if a connection is encrypted by checking whether the browser’s address bar changes from “http://” to “https://” and by the appearance of the padlock icon in the browser’s address bar.

If SSL or TLS encryption is enabled, third parties cannot read the data you send to us.

4. Collection of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently stored on your device (permanent cookies). Session cookies are automatically deleted once you end your visit. Permanent cookies remain stored on your device until you actively delete them or they are automatically deleted by your web browser.

Cookies may be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services into websites (e.g., cookies used to process payments).

Cookies serve a variety of purposes. Many cookies are technically essential, as certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies that are required for the performance of electronic communication transactions, for the provision of certain functions you wish to use (e.g., the shopping cart function), or those necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the website audience) are stored on the basis of Article 6(1)(f) of the GDPR, unless a different legal basis is specified. The website operator has a legitimate interest in storing required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of cookies and similar recognition technologies has been requested, processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.

You have the option to configure your browser so that you are notified whenever cookies are set and to allow cookies only in specific cases. You may also choose to block cookies in certain cases or in general, or enable the delete function to automatically remove cookies when you close your browser. If cookies are disabled, some features of this website may be limited.

If other cookies and services are used on this website, you can find that information in this privacy policy.

CCM19

Our website uses CCM19 to obtain your consent for the storage of certain cookies on your device or for the use of specific technologies, and to document this consent in a manner that complies with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany (hereinafter referred to as “CCM19”).

When you visit our website, a connection is established with CCM19’s servers to obtain your consent and other declarations regarding the use of cookies. Subsequently, CCM19 will store a cookie in your browser to track the consent you have granted or revoked. The data generated through this system will be stored by us until you request that we delete it, delete the CCM19 cookie yourself, or the purpose for storing the data no longer applies. This is without prejudice to any mandatory statutory retention periods.

We use CCM19 to obtain the consent required by law for the use of cookies. The legal basis for this is Article 6(1)(f) of the GDPR.

Data processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection laws that ensures that they process the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Contact form

If you submit inquiries to us via our contact form, the information provided in the contact form, as well as any contact information included therein, will be stored by us in order to process your inquiry and in the event that we have further questions. We will not share this information without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR if your request relates to the performance of a contract or if it is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent may be revoked at any time.

The information you have entered into the contact form will be retained by us until you ask us to delete the data, revoke your consent to the storage of the data, or the purpose for which the information is being stored no longer applies (e.g., after we have completed our response to your inquiry). This is without prejudice to any mandatory legal provisions, in particular retention periods.

Request by email, phone, or fax

If you contact us by email, phone, or fax, your inquiry, including all related personal data (name, inquiry), will be stored and processed by us for the purpose of handling your inquiry. We will not share this information without your consent.

This data is processed on the basis of Article 6(1)(b) of the GDPR if your inquiry relates to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; consent may be revoked at any time.

The data you send to us via contact requests will be retained by us until you request that we delete it, revoke your consent to its storage, or the purpose for which it was stored no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Communication via WhatsApp

To communicate with our customers and other third parties, one of the services we use is the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Communication is encrypted end-to-end (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of the communication. However, WhatsApp does have access to metadata generated during the communication process (such as the sender, recipient, and time). We would also like to point out that WhatsApp has stated that it shares its users’ personal data with its U.S.-based parent company, Meta. Further details on data processing can be found in the WhatsApp Privacy Policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties, and other business and contractual partners (Art. 6(1)(f) GDPR). If consent has been requested, data processing is carried out exclusively on the basis of that consent; this consent may be revoked at any time with effect for the future.

The messages exchanged between you and us on WhatsApp will remain in our possession until you ask us to delete them, withdraw your consent to their storage, or the purpose for which the data is stored no longer applies (e.g., after your request has been processed). Mandatory legal provisions, particularly retention periods, remain unaffected.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is required to comply with these data protection standards. For more information, please contact the provider via the following link: https://www.dataprivacyframework.gov/participant/7735.

5. Social media

Instagram

We have integrated features from the social media platform Instagram into this website. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media feature has been enabled, a direct connection will be established between your device and Instagram’s server. As a result, Instagram will receive information about your visit to this website.

If you are logged into your Instagram account, you can click the Instagram button to share content from this website on your Instagram profile. This allows Instagram to associate your visit to this website with your user account. Please note that we, as the provider of this website and its pages, have no knowledge of the content of the data transmitted or how Instagram uses it.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can exercise data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you exercise your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCC). Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.

For more information on this topic, please refer to Instagram’s Privacy Policy at: https://privacycenter.instagram.com/policy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is required to comply with these data protection standards. For more information, please contact the provider via the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn

This website uses features from the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time you access a page on this website that contains LinkedIn elements, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website, along with your IP address. If you click on LinkedIn’s “Recommend” button while logged into your LinkedIn account, LinkedIn will be able to associate your visit to this website with your user account. We must point out that we, as the provider of the websites, have no knowledge of the content of the transferred data or its use by LinkedIn.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCC). Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de.

For more information on this topic, please refer to LinkedIn’s Privacy Policy at: https://www.linkedin.com/legal/privacy-policy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is required to comply with these data protection standards. For more information, please contact the provider via the following link: https://www.dataprivacyframework.gov/participant/5448.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need your email address as well as information that allows us to verify that you are the owner of the email address provided and consent to receiving the newsletter. No other data will be collected, or will be collected only on a voluntary basis. We will use this data solely for the purpose of sending the requested information and will not share it with any third parties.

The processing of the information entered in the newsletter subscription form is based solely on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data, your email address, and the use of this information for sending the newsletter at any time, for example by clicking on the “Unsubscribe” link in the newsletter. This shall not affect the lawfulness of any data processing operations that have taken place to date.

The data you provide to us when subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider, and will be removed from the newsletter distribution list after you unsubscribe or once the purpose for which it was collected no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, based on our legitimate interest in accordance with Article 6(1)(f) of the GDPR.

Data stored by us for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interests and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). The data is stored in the blacklist indefinitely. You may object to this storage if your interests outweigh our legitimate interest.

7. Plug-ins and Tools

Google Fonts (local embedding)

This website uses Google Fonts provided by Google to ensure consistent font display across the site. These Google Fonts are installed locally, so no connection to Google’s servers is established when using this application.

For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and review Google’s Privacy Policy at: https://policies.google.com/privacy?hl=en.